dot-skill

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill handles sensitive API credentials for workplace platforms by storing them in the user's local home directory (~/.colleague-skill/) with restricted file permissions (0600), minimizing the risk of credential exposure as documented in the installation guidelines.
  • [SAFE]: Automated data collection from Feishu, Slack, and DingTalk targets official API endpoints of these well-known services. The skill performs network operations solely to fulfill its stated purpose of data distillation.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes playwright for browser-based scraping and npx to execute the feishu-mcp utility. These external tools are documented dependencies required for specific data collection features and originate from reputable package registries.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (chat logs and emails) to generate AI personas, which creates a surface for indirect prompt injection. Malicious instructions embedded in source materials could potentially influence the agent during the analysis phase, though no active exploitation was detected.
  • [SAFE]: Static analysis alerts regarding homoglyphs in docs/lang/README_RU.md are false positives triggered by standard Cyrillic characters in the Russian language documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 04:15 AM